Context Navigation

source: creddy/creddy.hh @ b19d1f0

abac0-leakabac0-meicompt_changesgec13mei-idmei-rt0-nmei_rt0mei_rt2mei_rt2_fix_1meiyap-rt1meiyap1rt2tvf-new-xml

Last change on this file since b19d1f0 was 2a095a4, checked in by Mike Ryan <mikeryan@…>, 13 years ago
new method for writing certs/keys to file by name. lengthy explanation why we needed to add this for Perl
Property mode set to `100644`
File size: 5.7 KB

Line
1	#ifndef __CREDDY_HH__
2	#define __CREDDY_HH__
3
4	#include <cstdio>
5	#include <stdexcept>
6
7	namespace Creddy {
8	extern "C" {
9	#include <creddy.h>
10	}
11
12	class ID {
13	public:
14	ID() : m_id(NULL) { } // do not use: required by swig
15
16	// load an ID from a file
17	ID(char *filename) : m_id(NULL) {
18	m_id = creddy_id_from_file(filename);
19	if (m_id == NULL)
20	throw std::invalid_argument("Could not load ID cert");
21	}
22
23	// generate an ID with a given CN and validity
24	ID(char *cn, int validity) : m_id(NULL) {
25	int ret = creddy_id_generate(&m_id, cn, validity);
26	if (ret == CREDDY_GENERATE_INVALID_CN)
27	throw std::invalid_argument("CN must be alphanumeric and start with a letter");
28	if (ret == CREDDY_GENERATE_INVALID_VALIDITY)
29	throw std::invalid_argument("Validity must be > 0 days");
30	}
31
32	ID(const ID &id) { m_id = creddy_id_dup(id.m_id); }
33
34	~ID() { creddy_id_free(m_id); }
35
36	// load private key from a file
37	void load_privkey(char *filename) {
38	int ret = creddy_id_load_privkey(m_id, filename);
39	if (!ret)
40	throw std::invalid_argument("Could not load private key");
41	}
42
43	char *keyid() { return creddy_id_keyid(m_id); }
44	char *cert_filename() { return creddy_id_cert_filename(m_id); }
45	void write_cert(std::FILE *out) { creddy_id_write_cert(m_id, out); }
46	void write_cert(std::string &name) {
47	std::FILE *out = fopen(name.c_str(), "w");
48	if (out == NULL)
49	throw std::invalid_argument("Could not open cert file for writing");
50	write_cert(out);
51	fclose(out);
52	}
53	char *privkey_filename() { return creddy_id_privkey_filename(m_id); }
54
55	// write the private ket
56	// throws a std::logic_error if no private key is loaded
57	void write_privkey(std::FILE *out) {
58	int ret = creddy_id_write_privkey(m_id, out);
59	if (!ret) throw new std::logic_error("No private key loaded");
60	}
61	void write_privkey(std::string &name) {
62	std::FILE *out = fopen(name.c_str(), "w");
63	if (out == NULL)
64	throw std::invalid_argument("Could not open privkey file for writing");
65	write_privkey(out);
66	fclose(out);
67	}
68
69	abac_chunk_t cert_chunk() { return creddy_id_cert_chunk(m_id); }
70
71	friend class Attribute;
72
73	private:
74	creddy_id_t *m_id;
75	};
76
77	class Attribute {
78	public:
79	Attribute() : m_attr(NULL) { } // do not use: required by swig
80
81	// create a cert
82	Attribute(ID &issuer, char *role, int validity) : m_attr(NULL) {
83	int ret = creddy_attribute_create(&m_attr, issuer.m_id, role, validity);
84	if (ret == CREDDY_ATTRIBUTE_ISSUER_NOKEY)
85	throw std::invalid_argument("Issuer has no private key");
86	if (ret == CREDDY_ATTRIBUTE_INVALID_ROLE)
87	throw std::invalid_argument("Role name must be alphanumeric");
88	if (ret == CREDDY_ATTRIBUTE_INVALID_VALIDITY)
89	throw std::invalid_argument("Validity must be > 0 days");
90	}
91
92	~Attribute() { creddy_attribute_free(m_attr); }
93
94	// these return false if there's a bad keyid or role name
95	// they'll throw a std::logic_error if the cert's been baked
96	bool principal(char *keyid) {
97	if (baked()) throw std::logic_error("Cert is already baked");
98	return creddy_attribute_principal(m_attr, keyid);
99	}
100	bool role(char keyid, char role) {
101	if (baked()) throw std::logic_error("Cert is already baked");
102	return creddy_attribute_role(m_attr, keyid, role);
103	}
104	bool linking_role(char keyid, char role, char *linked) {
105	if (baked()) throw std::logic_error("Cert is already baked");
106	return creddy_attribute_linking_role(m_attr, keyid, role, linked);
107	}
108
109	// returns false if there are no subjects or libstrongswan fails
110	// throws a std::logic_error if the cert's already been baked
111	bool bake() {
112	if (baked()) throw std::logic_error("Cert is already baked");
113	return creddy_attribute_bake(m_attr);
114	}
115
116	// returns true iff the cert's been baked
117	bool baked() { return creddy_attribute_baked(m_attr); }
118
119	// throws a std::logic_error if the cert isn't baked
120	void write(std::FILE *out) {
121	int ret = creddy_attribute_write(m_attr, out);
122	if (!ret) throw std::logic_error("Cert is not baked");
123	}
124
125	void write(std::string &name) {
126	std::FILE *out = fopen(name.c_str(), "w");
127	if (out == NULL)
128	throw std::invalid_argument("Could not open cert file for writing");
129	write(out);
130	fclose(out);
131	}
132
133	// throws a std::logic_error if the cert isn't baked
134	abac_chunk_t cert_chunk() {
135	abac_chunk_t ret;
136	if (!baked()) throw new std::logic_error("Cert is not baked");
137	creddy_attribute_cert_chunk(m_attr, &ret);
138	return ret;
139	}
140
141	private:
142	creddy_attribute_t *m_attr;
143	};
144	}
145
146	#endif /* __CREDDY_HH__ */

Note: See TracBrowser for help on using the repository browser.

Download in other formats: